Corporate Computer Security (4th ED) CH. 8-10
IP Telephone
A PC with VoIP software
Magnetic Tape
A backup media that stores large amounts of data at the lowest cost per bit of all backup media
Shadowing
A backup copy of each file being worked on is written every few minutes to the hard drive or to another location
Apache
A freeware web-server program
Voice over IP (VoIP)
A phone call over the IP internet
JavaScript
A scripting language
VBScript
A scripting language
Registrar Server
A server that verifies the user's credentials
Danvers Doctrine
Add strong security to all of its supervisory protocols
Presence Servers
Allow the two parties to locate each other
Simple Network Management Protocol
Allows a company to control many remote managed devices from a central manager
Buffer Overflow
An attack that sends a message with more bytes than the programmer had allocated for a buffer
Caller Impersonation
An attacker impersonating someone while calling someone else
Login Screen Bypass
An attacker types a URL to a page beyond the login screen when the login screen appears
Data Extrusion Management
Attempts to prevent restricted data files from leaving the firm without permission
Overfiltered
Blocking E-Mails that should not have been blocked
Toll Fraud
Breaking into corporate VoIP system in order to place free long-distance and international telephone calls
Hardware Security Module
Create and store cryptographic keys
RAID 5
Distributed Parity (Striping with parity)
Discovery Process
Dredge up messages in which an employee has said something embarrassing or even obviously illegal
Local Backup
Each computer is backed up individually
Continuous Data Protection (CDP)
Each site backs up the other site
Scripting Languages
Easier to learn than programming languages
Parity Bits
Enable reconstruction of data stored on other disks
Backup
Ensuring that copies of data files are stored safely and securely and will survive even if the data on the host are lost or damaged.
SQL Injection
Entering a string that includes both the user's name and another SQL query
Data Model
Entity names, attributes, and the structure of relationships between entities
What are the two main signaling standards in VoIP?
H.323 for older systems and Session Initiation Protocol (SIP)
Codec
Hardware or software that converts a person's voice into a stream of digital bytes
Circle of Trust
If you trust Pat, and Pat trusts Leo, then you also trust Leo
Watermark
Invisible information stored in files
Malicious Links
Links that point to malicious software or malicious websites
Eavesdropping
Listening to a phone call without permission
Traffic Analysis
Measures the amount of traffic or a particular type from one party to another
ActiveX
Microsoft created language for active webpage content
Internet Information Server (IIS)
Microsoft's web-server software
RAID 1
Mirroring
Data masking
Obscures data such that it cannot identify a specific person but remains practically useful.
Cross-Site Scripting (XSS)
One user's input can appear on the page of another user
File/Directory Data Backup
Only backs up data on the computer, not programs
File/Directory Encryption
Only encrypts the specific files and directories you tell it to encrypt
Incremental Backup
Only saves the data changed since the most recent backup
Buffers
Places where data is stored temporarily.
Return Address
Points to the location in RAM that holds the address of the next command to be executed in the suspended program
Image Spam
Presents spam as a graphical image
PGP
Pretty Good Privacy
Personally Identifiable Information
Private employee or customer information
Spreadsheet Vault Servers
Provides strong access control, including authentication of suitable strength, authorizations, and auditing
Full Backup
Records all the data on the computer, and can take a long time
RAID
Redundant Array of Independent Disks
Hexadecimal Directory Traversal Attack
Sending HTTP directory traversal messages with two hexadecimal codes for dots
Data Loss Prevention
Set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons.
Java Applets
Small Java programs
Cookie
Small text string that the website owner can place on a client computer
Development Servers
Specialized servers to grant developers special permissions
Testing Server
Specialized servers used to test the server-side applications
Federal Rules of Civil Procedure
Specify processes that apply to lawyers and judges in civil cases
Tables/Relations
Stores information about an entity
Archiving
Storing backup data for extended periods
RAID 0
Striping
Website Defacement
Taking over a computer and putting up a hacker-produced page instead of the normal home page
E-Commerce Service
The additional software needed for buying and selling, including online catalogs, shopping carts, checkout functions, connections to back-end databases within the firm, and links to outside organizations, such as banks
Acceptable Data Loss
The amount of data that is appropriate to lose in the event of a disaster
Centralized backup
The backup is done over the network from a central backup console
Transport
The carriage of voice between the two parties
Mesh Backup
The client PCs in an organization back up each other
Initial Discovery Meetings
The defendant must be able to specify what information is available for the legal discovery process
404 Errors
The directory or file is not found
Image Backup
The entire contents of the hard drive are copied to backup media
Backup Console
The location of the centralized backup
Information
The meaning extracted from data
Recovery Point Objective (RPO)
The point in time before the disaster to which all prior data must be recoverable
Production Server
The production server provides the services to the users
Data
The raw facts
Recovery Time Objective (RTO)
The time required to recover from a disaster and restore normal operations
Nominal Deletion
This happens when you select a file and press the delete key; it is moved to the recycle bin, and the data can be recovered easily.
SIP Proxy Server
This server contacts a proxy server in the called party's network
PSTN Gateway
Translate between VoIP and PSTN
Entities
Types of objects that represent persons, places, things, or events
Directory Traversal Attack
Typing URLs with ".." in them can give access to sensitive directories, including the command prompt directory
Spam
Unsolicited commercial e-mail
Data Manipulation Language (DML) Triggers
Used to produce automatic responses if data have been altered
Data Definition Language (DDL) Triggers
Used to produce automatic responses if the structure of the database has been altered.
Ajax
Uses multiple technologies to create dynamic client-side applications.
Profiling
Using statistical methods, algorithms, and mathematics to find patterns in a data set which uniquely identify an individual
Granularity
When a database is used for trend analysis
Disk Array
Writing data to an array of hard drives
Digital Rights Management (DRM)
attempt to limit what users can do to data, in order to reduce security threats
Document Restrictions
attempt to limit what users can do to documents, in order to reduce security threats
Database Management Systems (DBMS)
can manage database structures and restrict access to individual databases
Attributes
characteristics (adjectives) about the entity that you want to collect
Auditing
collect information about users' interactions with databases
Signaling
communication to manage a network
Whole-Disk Encryption
encrypts an entire disk drive
WWW Root
in a request for a file to be downloaded, the "root" is really a particular directory owned by the web server.
Databases
integrated collections of data, and metadata, stored on computers
Validate
making sure they are in the expected data type
Data Loss Prevention (DLP) Systems
manage data extrusion, extrusion prevention filtering and DLP policies
Key
one or more attributes that uniquely identify each row
Row (AKA Tuple/Record)
represents a specific occurrence of the entity